System Entry Path Concept

1.  Introduction

Unblu by default uses a set of entry paths (http request path prefix) as a high level distinction for different kinds of requests. In typical on premise installation these path prefixes are used as a high level segregation for requests coming from different origins (public internet, intranet or from administrators / other systems). Based on these path prefixes, unblu grants different privileges while executing requests.

In typical installations unblu is operated behind a reverse proxy that guarantees requests are restricted according to path prefix and origin of the request.

2. Public (untrusted) "/unblu" entry path

The "/unblu" path prefix is the part of the unblu server that visitors need to have access to. Typically "/unblu" is mapped in a reverse proxy in a way that it can be accessed from within the application that is going to be co-browsed.

3. Restricted (trusted) "/co-unblu" entry path

The "/co-unblu/" path prefix is the part of the unblu server that MUST only be accessible to authenticated users (agents).

4. System "/sys-unblu" entry path

The "/sys-unblu/" path prefix is the part of the unblu server that MUST only be accessible for other systems (i.e. the unblu filter) or administrators.

5. Security considerations

The "/sys-unblu/" path prefix needs to be protected in a way that only administrators or other systems have access.